Massimo Calabresi

Massimo Calabresi

Massimo Calabresi joined the Washington bureau of TIME in 1999 and has covered the CIA, State, Justice, Treasury, Congress and the White House. He covered the wars in Bosnia, Croatia and Kosovo as TIME's Central Europe bureau chief from 1995 to 1999 and the collapse of the Soviet Union as a freelancer in Moscow in 1991.

U.S.-Iran nuclear talks will never overcome decades of suspicion. Can both sides deal with that?

The ceremonial entrance to the Palais Coburg hotel in the heart of Vienna sits atop an elaborate staircase rising from the end of the former palace’s carriage drive, creating what the hotel’s promotional literature calls “the anticipation of a grand event.” But on a balmy day last June, the five American nuclear experts arriving at Palais Coburg needed no added drama. Ahead of them lay a tense confrontation with their Iranian counterparts in a day of high-stakes talks over Tehran’s nuclear program.

In one of the building’s ornate 19th century staterooms, the Americans faced off against the Iranians across a large conference table. Over the next hour, the U.S. team presented excerpts from a series of highly classified Iranian documents …

Israeli Prime Minister Benjamin Netanyahu tried to cancel a January briefing for U.S. Senators by his nation’s intelligence service that warned Congress could damage talks aimed at constraining Iran’s nuclear program, according to sources familiar with the events.

Tennessee Republican Bob Corker, the head of the Senate Foreign Relations Committee, had requested the Jan. 19 briefing for six of his colleagues traveling to Israel so that the intelligence agency, Mossad, could warn them that a Senate proposal might inadvertently collapse the talks. After Netanyahu’s office stripped the meeting from the trip schedule, Corker threatened to cut his own Israel trip short in protest.

At issue was the fate of a Nov. 2013 agreement between Iran, the U.S. and five other international powers. That temporary agreement promised no new economic sanctions on Iran in exchange for a freeze of Iran’s nuclear program, new international inspections of Iran’s nuclear sites and the removal of nearly all medium-enriched uranium from Iran’s possession. Both sides have stuck to the interim deal while talks on a long-term deal to constrain the Iranian nuclear program have dragged out.

The controversial but popular bill proposed by Republican Mark Kirk and Democrat Robert Menendez would have imposed new sanctions on Iran if it didn’t agree by June 30 to a long-term deal. U.S. intelligence officials had concluded that the Kirk-Menendez bill risked collapsing the talks and taking with it the 16-month-old agreement, according to a report by Eli Lake and Josh Rogin of Bloomberg View. Corker wanted the Mossad briefing to bolster the U.S. assessment.

During the Mossad briefing, the agency’s chief, Tamir Pardo, warned that the Kirk-Menendez bill would be like “throwing a grenade” into the U.S.-Iran diplomatic process. After some of the contents of the briefing were first reported by Bloomberg View, Pardo released a statement saying he had used the phrase not to oppose new sanctions, but “as a metaphor” to describe the effect derailing current talks might have.

A spokesman for Netanyahu declined to say why the Prime Minister acted to prevent the Senators from receiving the briefing from Pardo. Since the Mossad briefing, Corker has rallied support for an alternative measure to replace the Kirk-Menendez proposal, support for which has faded. Corker’s bill, which has broad support and potentially could receive enough votes for a veto-proof majority, would only impose new sanctions if Iran walked away from the Nov. 2013 agreement.

U.S. and Iranian officials are entering a tense phase of negotiations in Switzerland this week as they attempt to reach a political deal to extend and expand the Nov. 2013 agreement for at least 10 years. As the challenges of reaching the longer-term deal have increased, some in the U.S. are trying to ensure the interim agreement that has frozen the Iranian program isn’t undermined in the process.

Some members of the Senate oppose the ongoing talks with Iran. Freshman Republican Senator Tom Cotton last week issued an open letter with 46 other GOP Senators warning the Iranian leadership that Congress could reverse parts of any deal the talks produce. Corker did not sign that letter; his bill provides for partial Congressional approval of a deal.

Cotton has said that rather than negotiate with Iran, the U.S. should adopt a policy of regime change and should arm Israel with bombers and bunker busting bombs with which it could attack Iranian nuclear sites. Authorities in both parties, including Obama’s first Defense Secretary Robert Gates, have worried that an Israeli attack could draw the U.S. into a military confrontation with Iran on unfavorable terms.

Supporters of Kirk-Menendez argue it would increase pressure on Iran to make concessions that would more effectively limit its ability to get a nuclear weapon. Republicans are concerned that the Obama administration is too eager to do a long-term deal with Iran and is making too many concessions in the current talks. Secretary of State John Kerry arrives for talks in Geneva Sunday ahead of a self-imposed Mar. 24 deadline for the political framework for a long-term deal. Final terms of a comprehensive agreement would not be worked out before June.

Netanyahu is seeking re-election in a tough vote Tuesday, with his Likud Party trailing his strongest competitor, Zionist Union, by four points in recent polls.

Why Republicans Wrote to the Ayatollahs

Samuel Corum—Anadolu Agency/Getty ImagesSenator Tom Cotton speaks during a news conference with members of the Senate Armed Services Committee about arming Ukraine in the fight against Russia in Washington, D.C. on Feb. 5, 2015.

Two words: Regime change

The 47 Republican Senators who wrote to the leaders of the Islamic Republic of Iran yesterday did so, they said, “to bring to your attention two features of our Constitution” which the Senators said limit how much President Obama can commit to in nuclear negotiations between Tehran, the U.S. and its five allies.

But to judge by his past statements about those negotiations, the letter’s primary author intended it not so much to edify the Iranians about the American system of government as to completely undermine the talks themselves.

Freshman Sen. Tom Cotton of Arkansas strongly opposes the nuclear talks and believes they should stop immediately. In January, he told the Heritage Foundation “the ongoing nuclear negotiations with Iran … started out as an unwise policy [and have] now descended into a dangerous farce.”

In his Heritage speech, Cotton suggested that Obama might have cut a quiet deal to push off Iranian nuclear weapons capability until after the end of his second term. Cotton said that the President, in writing to Iran’s supreme leader over the last several years in pursuit of a diplomatic solution to the nuclear impasse, had behaved “like a love-struck teenager.”

By contrast, Cotton informed the Iranian leaders in his letter Monday that any deal Obama cut with them might not last. “We will consider any agreement regarding your nuclear weapons program that is not approved by the Congress as nothing more than an executive agreement,” Cotton and his fellow Senators wrote. “The next president could revoke such an executive agreement with the stroke of a pen and future Congresses could modify the terms of the agreement at any time,” the Republican Senators added.

Cotton has thoughts on what an alternative policy should be. In his Heritage speech, he said the U.S. should focus first and foremost on bringing down the regime in Tehran. “The goal of our policy must be clear: regime change in Iran,” Cotton said. To that end, Cotton said, the U.S. Congress should offer to transfer bombers and 30,000 pound bunker busting bombs to Israel for use should Israel decide to attack Iranian nuclear sites.

Not all the Republicans agree with that policy. Seven Republican Senators did not sign the letter, although they have not all stated their reasons. Former Defense Secretary Robert Gates has previously argued that Israeli military strikes against Iran could draw the U.S. unprepared into war. Cotton served in Iraq and Afghanistan, but after two long and costly wars few politicians are willing publicly to embrace policies that could drag the U.S. into another Middle East conflict.

Which may explain why Cotton and his fellow signatories ended their letter to the Iranians by saying only that, “We hope this letter enriches your knowledge of our constitutional system and promotes mutual understanding and clarity as nuclear negotiations progress.”

U.S. Faults Ferguson Police for Racial Bias

Robert Cohen—St. Louis Post-Dispatch/Getty ImagesProtesters drop a mirrored casket in front of a line of police officers in front of the Ferguson Police Department in Ferguson, Mo., on Oct. 10, 2014

The report is scathing, but the big question is what comes next

The violent protests in Ferguson last August were driven by the indelible image of an unarmed black teenager, Michael Brown, lying in the street after a white police officer, Darren Wilson, shot him dead. But the outrage in Ferguson, and the national debate that accompanied it, were also about something harder to see: racism, and the allegation that Ferguson’s largely white cops were deeply, systematically and violently prejudiced against black residents.

Now, as one of his last acts as U.S. Attorney General, Eric Holder has painted a picture of Ferguson’s entrenched racism that is clear and unmistakable. A Justice Department investigation opened after Brown’s shooting has found routine patterns and practices of racism in Ferguson, including the excessive use of force and unjustified arrests, officials said Tuesday. The findings are scathing in their detail:

Popular Among Subscribers

In 88 percent of the cases in which the department used force, it was against African Americans. In all of the 14 canine-bite incidents for which racial information was available, the person bitten was African American.

In Ferguson court cases, African Americans are 68 percent less likely than others to have their cases dismissed by a municipal judge, according to the Justice review. In 2013, African Americans accounted for 92 percent of cases in which an arrest warrant was issued.

The investigation also turned up bigoted emails, like one from November 2008 that reportedly said President Obama wouldn’t complete his first term as President because “what black man holds a steady job for four years.” The St. Louis Post-Dispatchreported another racist message, from May 2011, reading: “An African-American woman in New Orleans was admitted into the hospital for a pregnancy termination. Two weeks later she received a check for $5,000. She phoned the hospital to ask who it was from. The hospital said, ‘Crimestoppers.'”

The Justice Department spent 100 days in Ferguson collecting such details, and the report is an end in itself, putting an official stamp on the town’s problems that some had found easy to dismiss. But when it comes to fixing the harsh reality of racism in Ferguson, it’s not clear transparency will be enough.

The question now is whether the report will deliver reform in the beleaguered St. Louis suburb. The Justice Department under Holder has significantly increased the number of pattern or practice investigations, and some past settlements with police departments have led to dramatic improvements. But others say the department’s lack of enforcement powers mean reform depends on local politicians, and worry Ferguson’s leaders won’t bring change.

Under the 1994 law authorizing such “pattern or practice” investigations, the Justice Department has little enforcement power to fix the problems it finds. As a rule, it enters into contracts with the offending force, which agrees to increase transparency and data collection and to provide better training and supervision.

Police officials and their unions often resist reform, several studies have shown. The Justice Department has “very few sticks they can use,” to get past such obstacles, says Elliot Harvey Schatmeier, a lawyer at the New York City office of Kirkland & Ellis and the author of one such study.

Others say that in many cases, the attention brought by the investigations is enough. In Pittsburgh, New Jersey and Los Angeles, Justice Department investigations led to successful reforms, says Chris Stone, president of the Open Society Foundations and a criminal-justice scholar. More important, Stone says, “They’ve established a national standard for what good policing looks like.”

Holder’s Ferguson findings, Stone says, have the potential to lead to a similar blueprint for smaller, suburban police forces around the country, which have typically been hard to reform.

By the same token, though, a failure in the high-profile Ferguson case could set back the effort to reform small police departments. Holder has established with clarity the problem in Ferguson. But without local political buy-in, the town that came to symbolize 21st century police racism in America could end up symbolizing its resistance to reform too.

It would be easy but for the deep differences in policy, politics and personality.

The messy relationship between Benjamin Netanyahu and Barack Obama began, appropriately enough, in a janitor’s office at Reagan National Airport in March 2007. U.S. and Israeli diplomats have been cleaning up ever since, as the two men have left a path littered with personal slights and policy differences.

But their confrontation over Netanyahu’s politically tinged speech to Congress Tuesday could end up being their messiest yet, affecting the outcome of U.S.-Iran nuclear talks, the upcoming election in Israel and the future of the Middle East.

Bibi and Barack’s hastily arranged first meeting was, in fact, cordial and respectful, according to those who were there. Obama was returning to Washington from the primary campaign trail. Netanyahu was headed back to Israel where he was the opposition leader in the Knesset. Both knew they might soon be in power, and both recognized it would be work to reconcile their differences.

For starters, they came from very different backgrounds. As TIME wrote in 2010, Netanyahu’s father, Benzion, was among the intellectual leaders of what is known as revisionist Zionism while his older brother became a national hero after leading, and dying in, the 1976 raid on Entebbe.

Obama for his part is the Christian son of an atheist father who had been raised a Muslim. The future president spent formative childhood years in a Jakarta house that had no refrigerator and no flushing toilet, and he still bears on his arm a scar from a playing-field cut perfunctorily stitched up in a Jakarta hospital.

But the real challenge the two have faced is their different policies in the Middle East. Obama came to office reaching out to Iran and pushing for Israeli-Palestinian peace. Netanyahu opposed warming ties with the militantly anti-Israel theocrats in Tehran and refused in early meetings with Obama publicly to embrace the possibility of a Palestinian state.

The two men have endeavored to put a positive face on their differences, and at times it wasn’t hard since they and their countries often had common interests. The two countries have collaborated on anti-Iran measures, and senior officials say the security relationship between the two countries has never been closer.

But as often as not, the combination of personal and policy differences, fueled by distrustful staffers, gave way to friction between the two men. There was the time Israel announced a massive expansion of settlements in East Jerusalem just as Vice President Joe Biden arrived there for talks—a traditional Israeli greeting for peace-process pushing U.S. diplomats that dates back at least to Secretary of State James Baker. Then there was “the Snub” —Obama’s 2010 decision to leave Netanyahu negotiating with aides in the West Wing while he went for dinner with his family.

The outcome of their latest confrontation remains to be seen. Netanyahu faces a tough election this month and the White House’s increasingly public criticism may well show their desire for a change in leadership. Netanyahu’s effort to encourage anti-Obama members of Congress to push new sanctions could help scupper the already tenuous U.S.-Iranian talks.

But even if nothing much comes of their latest confrontation, few imagine the men will ever be inclined to patch up their differences. As Netanyahu’s sometime political nemesis Avram Burg told TIME in 2010, the two men may simply be irreconcilable. “You cannot stitch together the world visions of Obama and Netanyahu,” Burg said. “This is a clash of the psychological infrastructure.”

Why Terrorism Works: Jihadi John and the Fear Premium

APThis frame from a video released by Islamic State militants purports to show 'Jihadi John' before the alleged killing of taxi driver Alan Henning, released on Oct. 3, 2014.

It costs a lot to identify future threats

What’s it worth it to keep the world safe from “Jihadi John”? In theory, the vast economic resources and intelligence power of the West should make identifying, tracking and detaining a single, brutal terrorist worth the cost.

But ease of travel, availability of low-tech weapons and our inability to identify future threats from the vast pool of potential terrorists make neutralizing bad guys before they become high-profile killers difficult. The calculation becomes even harder when you realize the enormous cost of counterterrorism investments and how many lives can be saved in other areas of life for the same money.

On the surface, it seems like a simple thing. Mohammed Emwazi, who was identified by the Washington Post Thursday as the ISIS executioner “Jihadi John”, had been questioned and released by British authorities long before he went to Syria to join the group, according to the BBC. Not surprisingly, some are already asking how such a notorious killer could have slipped through authorities’ hands.

For starters, it’s hard to know whom to watch. Investigations into the July 7, 2005 terrorist bombings in London that killed 52 people and injured 700 confirmed that the UK’s domestic security service, MI5, had previously come across some of the members of the plot. But the investigations [pdf] concluded that the huge amount of threat information before MI5 and the lack of evidence of an imminent threat meant “it would not be right or fair to criticise the Security Service for the fact they did not pay greater attention” to the plotters.

Similarly, after the Paris attack at the satirical weekly magazine, Charlie Hebdo, French authorities were criticized for not doing a better job tracking the killers beforehand. Both men had been on U.S. terrorist watch lists, and the French Prime Minister admitted “failings” by intelligence services after the attack. But some estimates say it costs millions to monitor just one terrorism suspect, let alone the hundreds that French authorities say they would have to track to foil every possible future attacker, assuming one could even create a reliable and useful list of suspects.

Some have tried to calculate the total cost of such an effort. A 2014 study by John Mueller of Ohio University and the CATO Institute and Mark Stewart of the University of Newcastle in Australia, did a “back of the envelope” estimate to compare the cost of attacks to the cost of prevention. The authors assumed what they say is a common valuation of a human life of $6 million-$7 million and factored in their calculations the consequences of an attack, its likelihood of success, the risk reduction of terrorism measures and their costs.

Their conclusion: based on an estimated $75 billion increase in annual counterterrorism spending in the wake of 9/11 by the U.S. government, authorities would have to stop “150 Boston-type attacks per year, 15 London-type attacks each year, or one 9/11-type attack every three years” to justify the expense.

Such numbers are more polemical than scientific, of course: dollar costs aren’t the only consequences to factor into the equation. We may decide to pay extra to feel safe from foreign threats, or to fight back against those who directly challenge our political and social structures. We may value humanitarian intervention against terrorists who embrace genocide. Or we may think that the costs of current terrorist attacks could rise dramatically if, for example, bad guys got nuclear, biological or chemical weapons.

National security hawks argue that we should pay with diminished privacy to leverage America’s technical superiority in electronic surveillance, which gives a lot of coverage for relatively little money. Mueller points out that the “Transportation Security Administration’s Federal Air Marshal Service and its full body scanner technology together are nearly as costly as the entire FBI counterterrorism budget,” which delivers a regular stream of arrested potential future jihadis.

Ultimately, if all we’re doing is paying extra because we’re afraid, though, Mueller’s numbers highlight the premium that fear factor represents. It costs a lot more to protect you from a terrorist attack that is statistically extremely unlikely to kill you than to minimize many other daily dangers, like auto accidents, gun deaths and falls by seniors.

That of course is the asymmetric idea as far as terrorists are concerned–use cheap but scary methods to trick opponents into costly, ineffectual countermeasures. In other words, terrorism works.

See our cover story this week, “The ISIS Trap” for more on the current calculation before the Obama administration.

Candidate to Lead FDA Has Close Ties to Big Pharma

Duke's Dr. Robert Califf sees closer collaboration between government and industry

Last May, Duke University’s Vice Chancellor for clinical research, Dr. Robert Califf, told an audience of executives that the American system for developing drugs and medical devices was in crisis. Using slides [pdf] developed by Duke’s business school, he said the system was too slow and too expensive, and required disruption and transformation. Towards the end of his talk, he put up a slide that identified a key barrier to change: regulation.

Such views are not uncommon in industry, academic research and on Capitol Hill, but they are noteworthy coming from Califf because he could soon be America’s top regulator overseeing the safety and efficacy of the country’s drugs and medical devices. Califf is already set to become deputy commissioner at the Food and Drug Administration (FDA) next month. Now sources familiar with the process tell TIME he is on President Barack Obama’s short list to run the agency following this month’s announcement that its long-serving commissioner, Margaret Hamburg, will step down in March.

Popular Among Subscribers

The White House declined to comment on pending personnel decisions, but word that Califf is in contention for the top spot at the FDA comes at a key moment. The agency faces potentially dramatic changes this year as Congress prepares to rewrite many of the rules for how drugs and medical devices are reviewed and tested for safety and efficacy. Califf is widely respected in the public and private sectors, but his candidacy is seen by some as a threat to the independence and authority of the FDA, thanks to his views on the need to accelerate change and his deep financial and intellectual ties to the pharmaceutical and medical device industries.

Califf says his salary is contractually underwritten in part by several large pharmaceutical companies, including Merck, Bristol-Myers Squibb, Eli Lilly and Novartis. He also receives as much as $100,000 a year in consulting fees from some of those companies, and from others, according to his 2014 conflict of interest disclosure [pdf]. In an interview with TIME, Califf estimates that less than half of his annual income comes from research money provided by the pharmaceutical industry, though he says he is not certain because he doesn’t tend to distinguish between industry and government research funding. He says he is divesting his holdings in two privately-held pharmaceutical companies he helped get off the ground.

Califf says such collaboration, not just between industry and academia, but with government, too, is the way of the future. “The greatest progress almost certainly will be made by breaking out of insular knowledge bases and collaborating across the different sectors,” Califf says. He says there is “a tension which cannot be avoided between regulating an industry and creating the conditions where the industry can thrive, and the FDA’s got to do both.” He says it would be “useful to have someone [leading the FDA] who understands how companies operate because you’re interacting with them all the time.”

Diana Zuckerman, President of the National Center for Health Research, which advocates for FDA regulatory authority, says such ties “should be of great concern.” Dr. Califf is “a very accomplished, smart physician who’s been an important name in the field,” Zuckerman says, but his “interdependent relationships” raise questions about his “objectivity and distance.” She cites severalstudies suggesting the medical products industry uses such ties to influence the behavior and decision making of doctors and researchers, even when the scientists don’t realize it.

The tension over Califf’s collaboration with industry gets to the heart of the future of the FDA at a pivotal moment. While FDA defenders see the collaboration as a threat to its independence, others see close relationships between government, industry and academia as the model for the future. Califf heads a successful and powerful clinical research program, the Duke Translational Medicine Institute, which brings together industry drug researchers, academic scientists and federal regulators to speed drug development and approval. Califf estimates 50-60% of its $320 million in annual research funding comes from industry.

Capitol Hill is considering codifying parts of that collaborative model for the FDA. The powerful Energy and Commerce Committee in the U.S. House of Representatives recently introduced a draft bill called 21st Century Cures, which would loosen the drug approval and post-market oversight process. Califf says because the bill is still in draft it is too early to pass an overall judgment on it but he says, “I support a lot of the concepts in the bill.”

In the Senate, the Health, Education, Labor and Pensions (HELP) committee has begun work on its own bill, with committee chairman Lamar Alexander declaring, “It takes too long and costs too much to develop medical products.” In a report paving the way for his legislation, Alexander concluded the FDA has grown too large, has fallen behind scientific innovation and threatens American leadership in biomedical innovation. Reform efforts in the Senate may be aided by the support of liberals like Elizabeth Warren who back looser regulations on the medical device industry.

The FDA uses a model for drug testing and oversight largely developed in the early 1960s, with phased trials before drugs and devices are approved for sale to ensure they are safe and effective, and “post-market” studies afterwards to monitor them. Over time, the agency has come to rely on the medical product industry for more than 60% of its budget for post-market monitoring. Accused of regulatory capture by those who see undue industry influence, the FDA has faced attacks from both sides.

That means the FDA has few defenders and will rely heavily on its next commissioner to stand up for it in public and on Capitol Hill. “This is a very dangerous time for the agency,” says Zuckerman of the National Center for Health Research, “It’s under fire in a way that is unprecedented in the last 20 years.”

Califf’s supporters point out that he is among the ten most cited medical authors in America, and that he has spent his career as a clinician helping patients. Regarding the danger of regulators being “captured” by their interactions with industry, Califf says, “The difference between capture and collaboration towards improving human health is a pretty big difference.”

The White House has set no time frame for its decision on Hamburg’s replacement. It has announced the acting commissioner will be Dr. Stephen Ostroff, a scientist and long-time official at the Health and Human Services department, when she steps down in March.

This Could Be the End of User Name and Password

Scott Eels—Bloomberg/Getty ImagesBenjamin Lawsky superintendent of the New York State Department of Financial Services, speaks during a Bloomberg Television interview in New York on Nov. 24, 2014.

Anthem, J.P. Morgan hacks could lead to tougher online security.

A top New York State regulator is “very likely” to impose new cyber-security rules on much of the banking and insurance industries after high profile cyber-intrusions at Anthem and JP Morgan Chase, law enforcement officials tell TIME.

The move could spell the beginning of the end for a decade-long debate among state and federal regulators over whether to require companies to go beyond the simple user name and password identity checks required to access many computer networks at the heart of America’s financial system and could affect everyone from employees at those firms to the consumers they serve.

Early investigations in the Anthem case suggest foreign hackers used the user name and password of a company executive to get inside Anthem’s system and make off with personal data for 80 million people, including names, addresses and Social Security numbers, the law enforcement officials tell TIME. Anthem had invested in extensive cyber defenses in recent years, but the officials say initial investigations suggest the theft could have been averted if the company had embraced tougher methods for verifying the identity of those trying to access its systems.

That shortcoming reflects systemic weaknesses found throughout the industry in an upcoming study by the New York State Department of Financial Services, a version of which was reviewed by TIME. Among the most worrying findings was a marked level of over-confidence among insurance industry officials regarding the security of their systems. “Anthem is a wake-up call to the insurance sector really showing that there is a huge potential vulnerability here,” says Benjamin Lawsky, the department’s superintendent.

While many big health, life and property insurers boast robust cyber-defenses, including encryption for data transfers, firewalls, and anti-virus software, many still rely on relatively weak verification methods for employees and consumers, and have lax controls over third-party vendors that have access to their systems and the personal data contained there, according to the report. The study follows a similar review by Lawsky’s office of the banking sector late last year that led to tighter cyber-examinations for banks doing business in New York.

As the fourth-largest state and the home to many of the corporations in question, New York could affect consumers in other states with its decisions.

For more than a decade, federal and state regulators have debated measures to require increased security at banks and insurance companies that handle the financial and personal details of hundreds of millions of Americans. In 2005, the federal body charged with setting the examination standards for federal regulators concluded [pdf] that simple user name and password systems were “inadequate” for “transactions involving access to customer information or the movement of funds to other parties,” but stopped short of requiring tighter measures. Updated guidance in 2011 [pdf] also stopped short of requiring them.

The primary federal regulator of big banks, the Office of the Comptroller of the Currency (OCC) says different banks need to assess their own risks in determining whether to use additional verification methods. Other regulators have worried that if one agency, like the New York State Department of Financial Services, tightens standards on its own, the result will be a patchwork of rules that make life difficult for banks doing business across the country.

Still, most agree that username and password security alone is increasingly vulnerable to hackers. As American Banker reports:

Most of the security breaches that occur in banking today use compromised credentials. More than 900 million consumer records have been stolen [in 2014] alone, according to Risk Based Security; 66.3% included passwords and 56.9% included usernames. According to Verizon’s latest Data Breach Investigations Report, weak or stolen login credentials were a factor in more than 76% of the breaches analyzed.

The additional measures New York State is likely to require are known as “multi-factor authentication” and include a range of approaches to verify the identity of those trying to sign on to a computer system. Options include sending a confirmation number to an individual’s cell phone, using a fingerprint or other biometric authentication, or using a separate identification source, like a swipe card.

Lawsky has not decided whether his new rule would require institutions to use multi-factor authentication only for employees and third-party vendors, or whether consumers would be required to use them too. However, requiring major banks and insurers under his purview—such as Barclays, Goldman Sachs, Anthem and others—to adopt multi-factor authentication could change the industry standard.

Lawsky says he is eager to see that change. “The password system should have been buried a long time ago, and its high time we buried it,” Lawsky tells TIME. “We really need everyone to go to a system of multi-factor verification. It is just too easy, whether through basic hacking or through phishing or stealing basic information, for hackers to get a password and a user name and then to get into a system,” he says.

State and federal officials have argued that banking and insurance cyber vulnerabilities pose a threat not just to the accounts of individual consumers, but potentially to the stability of the entire financial system. The Obama administration’s recently released National Security Strategy says, “the danger of disruptive and even destructive cyber-attack is growing,” thanks to “malicious government, criminal, and individual actors,” targeting the networked infrastructure on which economy, safety, and health rely.

The New York State Department of Financial Services study of the insurance industry shows most are largely convinced they are confronting and defeating hackers. 58% claimed they had experienced no security breaches during the three years preceding the 2013-14 study, while 35% said they had only between one and five such incidents.

To some that suggests naiveté on the part of the industry. As FBI Director James Comey said last fall, “There are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”

In addition to the new rules on identity verification, Lawsky expects to impose new requirements on third-party vendors that have access to insurance company databases. Those vendors often have lower cyber-security standards and are not required to describe those standards to the companies even though they often have full access to personal data held by the company.

The Head of the FDA is Leaving. Here’s Why That’s a Big Deal.

Andrew Harrer—Bloomberg/Getty ImagesMargaret Hamburg, commissioner of the Food and Drug Administration (FDA), listens to a question during an interview in Washington, D.C. on May 28, 2014.

More changes at the powerful agency may be in the works

There are a lot of high-level positions in the federal government that can be filled with any warm body, and many often are. But every now and then a job opens up at a time when the person who fills it makes a big difference, not just in the headlines but in the lives of everyday Americans for years to come.

On Thursday, the Commissioner of the Food and Drug Administration, Margaret Hamburg, announced her intention to step down in March after six years in one of the toughest jobs in government. Inheriting the FDA at a moment of crisis, she endured a few scandals of her own while stabilizing the agency, so her departure after such a long and challenging tenure is not necessarily a surprise.

But the timing is significant, because it comes at what one close FDA observer, Professor Daniel Carpenter of Harvard, calls “a deregulatory moment” at the FDA. The agency faces a bipartisan push on Capitol Hill to reform key elements of its authority, including how it approves drugs and medical devices, the reach of its oversight authority and possibly the methods by which it is funded.

The effects of those changes could be anything but bureaucratic. The FDA is arguably the most powerful regulatory agency in the world, making and enforcing the rules for as much as one quarter of the consumer goods economy in America—and therefore, by extension, the rest of the world. Through its decisions about everything from food labeling to drug testing, it affects the health, safety and wealth of billions of people around the globe.

Hamburg took over the FDA in 2009 after multiple scandals over political influence and drug safety, including the approval and oversight of dangerous anti-depressants, anti-inflammatories and painkillers. Once on the job, she faced criticism for deaths caused by tainted steroids known as compounded drugs and for her handling of a plan to expand availability of the Plan B morning after pill to teenagers.

However both sides of the aisle praise her for stabilizing the agency. On Capitol Hill, Republican Sen. Lamar Alexander of Tennessee, the head of the Senate’s FDA-controlling Committee on Health, Education, Labor and Pensions (HELP), said he was “grateful to Dr. Hamburg for her leadership.” His Democratic counterpart, Sen. Patty Murray of Washington praised Hamburg’s “dedication to protecting public health … and strengthening patient and consumer safety.”

The HELP committee announced this week that it would begin work on legislation controlling the FDA. Even before he took over the committee this year, Alexander commissioned a report on the medical review and approval process so that he could hit the ground running with hearings and an effort to move legislation. Much of his focus has been on getting drugs and medical devices to market faster. Alexander said the goal is “to modernize the way drugs and medical devices are discovered, developed and approved.”

The role of the FDA Commissioner will be central in deciding when and whether to defend the agency’s powers in the face of deregulatory reforms, not least because both parties and the White House support varying degrees of change. “The administration is very engaged,” in the changes afoot on Capitol Hill, says one Democratic Senate aide, and “Any incoming FDA commissioner is going to play a big role in the process.”

Dr. Stephen Ostroff, a long-time employee of the Health and Human services department and currently the chief scientist at FDA, will become Acting Commissioner when Hamburg steps down in March. Hamburg recently appointedRobert Califf of Duke University to be Deputy Commissioner for Medical Products and Tobacco. He is due to start that job in late February, and is considered a leading contender to succeed Hamburg—the Wall Street Journalnotes that he was interviewed twice for the job under the Bush administration.

The FDA Commissioner in nominated by the President and requires Congressional approval.

Elizabeth Warren Goes to Bat for Medical Device Industry

J. Scott Applewhite—APSen. Elizabeth Warren is seen on Capitol Hill in Washington on Jan. 8, 2015.

The populist Senator backs regulatory changes, tax credits and more government funding for home state heavyweights.

Elizabeth Warren, the Democratic star who just last week unveiled a bill targeting the profits of large drug makers, doesn’t sound like much of a populist when it comes to another group of big health care corporations, the medical device manufacturers, many of which happen to be headquartered in the Senator’s home state of Massachusetts. Warren’s coziness with those companies is now earning her criticism within her party, with one former Democratic Senate staffer describing some of her positions as “repulsive.”

Warren took to the floor of the Senate on Jan. 29 to unveil a bill she said would act as a kind of multi-million dollar “swear jar” for pharmaceutical companies that break the law, penalizing them when they get caught and using the funds to supplement scientific research. With the folksy delivery that has made her a favorite of progressives across the country, she said that powerful, moneyed lobbyists had opposed the bill, but that her message to them and their big business bosses was, “If they don’t want to put a dollar in the swear jar, then stop swearing.”

Popular Among Subscribers

What Warren didn’t say was that her bill has a loophole in it for medical device manufacturers. Those companies, which make everything from latex gloves to Magnetic Resonance Imaging machines, would be exempt from her proposed penalties unless they also make drugs. At the same time, her bill explicitly ensures that the so-called “medtech” companies would benefit from the research dollars that her “swear jar” would generate.

Warren is widely seen as the defender of everyday Americans against the scourge of business interests that she says manipulate Washington, rig regulation and fuel corporate welfare. But when it comes to the medical device industry, she sings a different tune, albeit quietly. Since she launched her campaign for the Senate in 2011, Warren has come out in favor several medical device industry priorities, including rewriting Food and Drug Administration (FDA) regulations, bolstering federal research funding and making permanent certain temporary tax credits for research and development.

Most visibly, she wants to repeal the medical device taxes that help fund President Barack Obama’s signature health reform, the Affordable Care Act. That position has brought her into a surprising, if temporary, alliance on the issue with the new Republican leaders of Congress, who see repeal of the medical device tax as their most likely legislative vehicle to chip away at Obamacare.

All these pro-business positions have not gone unnoticed. “We’ve enjoyed the opportunity to work with Sen. Warren during her tenure in Congress,” says JC Scott, the head of government affairs for the medical device industry’s top lobbyist, AdvaMed. Scott says Warren “certainly has been engaged with a focus on improving the regulatory efficiency” at the Food and Drug Administration, which approves and regulates medical devices, thanks to her position on the agency’s Congressional oversight authority, the Health, Education, Labor and Pensions (HELP) committee.

In many ways there is nothing extraordinary in Warren’s positions: they are the work of an elected representative ensuring the interests of her constituents. Medical devices are big business in Massachusetts. In 2010, the latest date for which numbers are available from the Bureau of Labor Statistics, medical device companies claimed responsibility for more than 23,000 jobs in Massachusetts, 13% of its export economy and $17.6 billion worth of the state’s economy. Warren also represents major academic research institutions that are primary beneficiaries of programs that also benefit the medical device industry. “This is a very powerful industry,” says Paul Thacker, a former medical device and pharmaceutical investigator for the Republican staff of the Senate Finance committee, “And she’s looking out for jobs in her home state.”

Warren first enunciated her medtech positions during her close race against then-incumbent Senator Scott Brown in 2012. For the campaign, Brown received $170,650 from the medical device industry, according to the Center for Responsive Politics, while Warren didn’t break the top 20 recipients for industry campaign contributions, receiving only $16,550. In late March 2012, Brown attacked Warren for her support of Obama’s Affordable Care Act, saying it would hurt the medtech industry in Massachusetts.

Two weeks later, Warren published an editorial in an industry newsletter broadly supporting medtech’s policy agenda. Among the positions she espoused were changing FDA regulations to speed approval of medical devices, advancing Congressional research funding for medical devices, making permanent federal tax credits for research and development, and repealing the medical device tax in Obamacare. Warren ended up winning by 8 percentage points, or more than 200,000 votes, in a race that cost both sides more than $77 million.

Warren’s record supporting the medical device industry, which had $336 billion in domestic revenues in 2013, contrasts with her criticism of other industries. On a section of her website devoted to “leveling the playing field” she says, “The most profitable corporations should have to pay their fair share.” The Obamacare medical device tax that she wants to repeal will cost the industry $29 billion over ten years, according to the Joint Committee on Taxation. In a hearing this year on a Republican bill that she said would have lowered the cost of Obamacare on businesses, Warren said, “I’m against adding $53 billion to the deficit so that corporations can push their costs and responsibilities onto the government.”

Warren’s position on the repeal of the medical device tax in the Affordable Care Act draws particular ire from those who fought to pass it into law. Unlike the pharmaceutical and hospital industries, the medical device industry refused to negotiate directly with the bill’s authors over how much of the cost of Obamacare the device makers would bear, say Senate aides familiar with the negotiations. The medical device tax that was ultimately included in the 2010 bill was the result of intense negotiations between its authors and Democratic senators supporting the industry. “The idea that Elizabeth Warren thinks that one industry should get a sweetheart deal from paying their fair share for providing healthcare to poor Americans is repulsive,” says one former Democratic Senate staffer involved in the negotiations.

The Medical Innovation Act [pdf] Warren proposed last week is also a study in contrasts. Big pharma companies have repeatedly been subject to legal action by the Justice Department, but so too have some medical device manufacturers. One of the biggest device makers, the Minnesota-based Medtronic, paid $23.5 million in Dec. 2011, and $9.9 million in May 2014 to resolve alleged violations of the False Claims Act. It was also the subject of a 2012 Senate Finance Committee investigation into alleged manipulation of studies into its products.

Warren and her staffers declined to comment on her bill or her positions on medical device regulation, oversight and funding, but her office confirmed that she still holds the positions she took in the 2012 op-ed. Warren’s defenders say she believes the medical device tax in the Affordable Care Act impedes innovation and should be replaced with another source of revenue. They say her positions on the medical device industry are in line with her broader approach to funding research and development and simplifying regulation. They argue that her bill shields small companies, not medical device makers, by targeting only those companies that make blockbuster drugs that received funding from the National Institutes of Health (NIH). Her defenders also point out that some big drug makers are also medical device makers, and so could be subject to the penalties.

Warren is realistic about the slim chances her Medical Innovation Act has to pass. “I don’t kid myself,” she said as she presented the bill last week, “A handful of actors with money and power like things just the way they are.” Warren will get a chance to help change things starting next week, though, as the GOP-led HELP committee begins rewriting the regulations and funding mechanisms for both the FDA and the NIH. At stake are the rules controlling how closely the FDA oversees the approval of new medical devices and how much funding the industry gets from government. The House is already moving legislation. “We’re really excited in the House and Senate to move forward with legislation to address regulatory challenges,” says AdvaMed’s JC Scott.